I’m a bit perplexed on this one. I’m running pihole in a local container. Seems to run fine. But I cannot use DNS port 53 (TCP or UDP) when coming in to the LAN IP of 10.10.0.1. When I come in to the lo IP of 127.0.0.1, all good. HTTP on port 80 works from the LAN IP.
Here’s a set of commands I think show the story. Ports 80 and 53 are both listening on 0.0.0.0. Telnet connects fine on port 80 to 10.10.0.1. Telnet to port 53 closes immediately. But telnet to port 53 on 127.0.0.1 stays connected.
vyos@vyos:~$ netstat -an | grep 53 | grep LISTEN
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
tcp6 0 0 :::53 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 5317 /var/run/frr/eigrpd.vty
unix 2 [ ACC ] STREAM LISTENING 5322 /var/run/frr/staticd.vty
unix 2 [ ACC ] STREAM LISTENING 5327 /var/run/frr/bfdd.vty
vyos@vyos:~$ netstat -an | grep 80 | grep LISTEN
tcp 0 0 127.0.0.1:18003 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 280492 s
unix 2 [ ACC ] STREAM LISTENING 4480 /var/run/frr/ripd.vty
unix 2 [ ACC ] STREAM LISTENING 3802 /run/vyos-configd.sock
vyos@vyos:~$ ifconfig | grep inet
inet 10.0.3.125 netmask 255.255.255.0 broadcast 10.0.3.255
inet6 fe80::6c23:acff:fecc:86e3 prefixlen 64 scopeid 0x20<link>
inet 10.10.0.1 netmask 255.255.255.0 broadcast 10.10.0.255
inet6 fe80::14d4:c9ff:fe0a:6ab8 prefixlen 64 scopeid 0x20<link>
inet 10.10.2.1 netmask 255.255.255.0 broadcast 10.10.2.255
inet6 fe80::14d4:c9ff:fe0a:6ab8 prefixlen 64 scopeid 0x20<link>
inet 127.0.0.1 netmask 255.0.0.0
inet6 fe80::200:ff:fe00:0 prefixlen 64 scopeid 0x20<link>
inet6 ::1 prefixlen 128 scopeid 0x10<host>
inet 10.0.6.2 netmask 255.255.255.0 destination 10.0.6.2
inet6 fe80::fc1b:47ff:febc:a84 prefixlen 64 scopeid 0x20<link>
vyos@vyos:~$ /usr/bin/telnet 10.10.0.1 80
Trying 10.10.0.1...
Connected to 10.10.0.1.
Escape character is '^]'.
I'm In Here Connected
^]
telnet> Connection closed.
vyos@vyos:~$ /usr/bin/telnet 10.10.0.1 53
Trying 10.10.0.1...
Connected to 10.10.0.1.
Escape character is '^]'.
Connection closed by foreign host.
vyos@vyos:~$ /usr/bin/telnet 127.0.0.1 53
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
I'm In Here Connected.
^]
telnet> Connection closed.
I typed “I’m In Here Connected.” whenever telnet was left open, just to show that I was not kicked out.
If it’s firewall related, I think it’s just LOCAL-LAN, which I have allowed. Am I wrong?
name LOCAL-LAN {
default-action accept
enable-default-log
}
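The telnet transcript above is itself a useful signal: on 10.10.0.1:53 the session reaches "Connected to 10.10.0.1." before "Connection closed by foreign host.", so the TCP handshake completed and it was the listener (or something in its path after accept) that hung up. A firewall drop usually looks like a hang with no "Connected" line, and a reject looks like "Connection refused". The script below is an added example (not part of the original post, not pihole or VyOS code) that makes that distinction explicit by sending a real DNS query over TCP and classifying the outcome; the fake listeners and port helper are constructed test doubles so it runs offline, and the host/port arguments are assumptions for the command line.

```python
"""Added example (not from the original post): probe a DNS listener over TCP
and classify what happens to the connection, so "the firewall dropped it"
can be told apart from "the listener accepted and then hung up".
Standard library only; the fake listeners are constructed for the demo."""
import socket
import struct
import sys
import threading


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query (A record, recursion desired) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [label.encode() for label in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or raise ConnectionError if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf


def classify_tcp_dns(host: str, port: int = 53, name: str = "example.com.",
                     timeout: float = 2.0) -> str:
    """Connect, send one DNS-over-TCP query and report one of:
    'filtered'       - no SYN/ACK at all (typical of a firewall drop)
    'refused'        - RST on connect (nothing listening, or a reject rule)
    'closed_by_peer' - handshake completed, then the listener hung up
    'no_reply'       - connection stayed open but nothing came back
    'answered'       - a DNS response carrying our transaction id came back
    'malformed'      - bytes came back that are not a matching DNS response
    'unreachable'    - some other socket error (no route, etc.)
    """
    query = build_query(name)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                s.sendall(struct.pack("!H", len(query)) + query)
                length = struct.unpack("!H", _recv_exact(s, 2))[0]
                reply = _recv_exact(s, length)
            except ConnectionError:          # RST or FIN after the handshake
                return "closed_by_peer"
            except socket.timeout:
                return "no_reply"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"
    txid, flags = struct.unpack("!HH", reply[:4]) if len(reply) >= 4 else (None, 0)
    if txid == struct.unpack("!H", query[:2])[0] and flags & 0x8000:  # QR bit set
        return "answered"
    return "malformed"


def start_fake_listener(mode: str) -> int:
    """Constructed test double: a TCP listener on 127.0.0.1 that either
    accepts-then-closes ('close') or returns a minimal reply ('answer').
    Returns the ephemeral port it is bound to."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve() -> None:
        conn, _ = srv.accept()
        with conn:
            if mode == "answer":
                length = struct.unpack("!H", _recv_exact(conn, 2))[0]
                q = _recv_exact(conn, length)
                # Echo the query back as a response: same txid, QR+RD+RA flags set.
                reply = q[:2] + b"\x81\x80" + q[4:]
                conn.sendall(struct.pack("!H", len(reply)) + reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_port() -> int:
    """Constructed helper: pick a local port nothing is listening on right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Assumed usage: python probe.py <host> [port], e.g. the LAN and lo addresses.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 53
    print(f"{host}:{port} -> {classify_tcp_dns(host, port)}")
```

Running it once against each address the resolver is reachable on separates the cases the telnet session only hints at: a result of `answered` on one address and `closed_by_peer` on another means the packets reach the listener both times and the difference is in how the listener treats that ingress address, which is a different thing to investigate than a `filtered` or `refused` result would be.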